Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 28 Feb 2000 10:00:23 -0800 (PST)
From:      Steve Davidson <stevedav@pacbell.net>
To:        freebsd-questions@freebsd.org
Subject:   How do I use NFS with secureRPC as a FreeBSD client connecting to a Solaris server?
Message-ID:  <200002281800.KAA24034@imram.net>
index | next in thread | raw e-mail 


Questions:
How can I implement secureRPC for NFS between Solaris 7 and FreeBSD 3.4?

How do I use NFS with secureRPC as a FreeBSD client connecting 
to a Solaris server?

I want users to use 'keylogin' to establish their "publickeys", 
and use this to establish secureRPC connections to Solaris servers
from freeBSD clients.

Also,
how do I serve NFS with secureRPC from FreeBSD?

I have seen the "-kerb" option for Kerberos but nothing for secureRPC.
Kerberos is not based the "publickey" database.

Solaris supports four types of secureRPC services on NFS exports:
From the "share_nfs" man page (Solaris 7):

sec=mode[:mode]...
Sharing will use one or more of the
specified security modes.  The mode in
the sec=mode option must be a mode name
supported on the client. 
[...]                         
The security modes are defined in nfssec(5).

[also...]
secure    This option has been deprecated in favor
	  of the sec=dh option.

Does FreeBSD support the "secure" (Diffie-Hellmen) mode?
This seems to be the "classic" Sun secureRPC mechanism.


From the "nfssec(5)" man page (Solaris 7):
     The mount_nfs(1M) and share_nfs(1M) commands each provide a
     way to specify the security mode to be used on an NFS file
     system through the sec=mode option.   mode can be either
     sys, dh, krb4, or none. 

     If the NFS connection uses the NFS Version 3 protocol, the NFS clients
     must query the server for the appropriate mode to use.  
[...]
     NFS clients may force the use of a specific
     security mode by specifying the sec=mode option on the com-
     mand line. However, if the file system on the server is not
     shared with that security mode, the client may be denied
     access.


Background:

FreeBSD secureRPC documentation is sparse.
On the FreeBSD side I reviewed:
rpc_secure(3)
mount_nfs(8)
mountd(8)
exports(5)
The Handbook and FAQ

I found the the -kerb option in exports.
I don't know if this uses the "publickey" NIS database -- I doubt it.

stevedav@NOSPAM.pacbell.net
(Remove the 'NOSPAM.')


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200002281800.KAA24034>